Hi
We have a few webservices implemented as SLSB these services analyze parameters and makes calls to the servicelayer that consists of SLSB's.
Roles, groups and users are stored in an LDAP-catalog.
Our webservices and servicelayer are protected at method level with roles.
I have checked xml-files that are deployed and they look the same for both types of SLSB's.
[b]BUT the webservice methods are not protected !!!
[/b]
If I remove all roles/groups for a user I still can access the webservice but at the next level in the servicelayer the protection works and I get an exception.
What do I have to do to make methodlevel protection in the webservice endpoint work ?
I want an exception if the user is not in the required role/group.
TIA
Jan
[Message sent by forum member 'pliktverket' (pliktverket)]
http://forums.java.net/jive/thread.jspa?messageID=315790